SIM cardless first stage loader, second stage loader and drivers for DM800 DM800se DM8000

dm800hdpro
30-03-2012, 12:07
If you need the latest sim-cardless patched first stage loader, second stage loader and drivers ,please contact me.
With these patched system files, manufacturers can make clones without sim-cards. The latest ssl and drivers can be used.
Fans can replace their original first stage loader with the patched sim-cardless one, so they have two options ,when sim card in box they can use ssl and drivers patched for special sim card, when removing sim card from box ,they can use ssl and drivers patched for sim cardlesss.
I've made DM800 sim cardless first stage loader and second stage loader public at 115.com/file/e7on1q1i# and there is my contact information in it.
It's for testing purpose for manufacturers and fans, so I reserve patched drivers, may be make it public later.

Hell-o
31-03-2012, 16:52
is this a new sim or a new firmware that work without the sim card inside its a little unclear this thing.

BM300
01-04-2012, 05:34
This sounds like a software patch that is directed to the box manufacturers.

I have seen one such box that does NOT have a SIM card.
It is working using PLi image.

Ferret
02-04-2012, 08:16
Sound like the sim data is merly transfer to the new chip you need to solder in.

Doubt this would be anymore reliable than what the current clone sim manufactures have with their sims.

forhike
19-04-2012, 16:10
realy nice work!!

still waiting for "ic's" to be able to test solution.

finaly some new cool development for dreambox scene =)

best regards!

dm800hdpro
20-04-2012, 03:55
Also I've released cardless FSL and SSL for DM800se, and I change download link for easy download outside china.

DM800se cardless file download link:
http://m0.mail.sina.com.cn/apps/netdisk/download.php?id=5f72a7beb08751962d149e36ef7b03bb

DM800 cardless file download link:
http://m0.mail.sina.com.cn/apps/netdisk/download.php?id=74d53f5a04b531c2e845207cf8e863ea



To ferret:
you are wrong , you can delete my posts once again but you can't stop sim card replaced by sim-cardless.

Ferret
20-04-2012, 08:10
Also I've released cardless FSL and SSL for DM800se, and I change download link for easy download outside china.

DM800se cardless file download link:
http://m0.mail.sina.com.cn/apps/netdisk/download.php?id=5f72a7beb08751962d149e36ef7b03bb

DM800 cardless file download link:
http://m0.mail.sina.com.cn/apps/netdisk/download.php?id=74d53f5a04b531c2e845207cf8e863ea



To ferret:
you are wrong , you can delete my posts once again but you can't stop sim card replaced by sim-cardless.

The links you supplied contained more adverts than i could count these links are clean and ok so will be left.

saty
20-04-2012, 14:05
So now howto proceed, take out the sim card and flash both loaders..??
Which driver can be used..?

gjstroom
20-04-2012, 14:59
I tried to flash using the web on my 800se, but all I get is:
The connection was reset
The connection to the server was reset while the page was loading.
What to do with the 500 files ?
Maybe DreamUp is needed ?

BM300
20-04-2012, 15:25
@dm800hdpro

Any tips?

gjstroom
20-04-2012, 16:31
I believe this can only be done by programming the 27w401 eprom which is inside the box (I looked inside my 800SE SR4).
I needs to be programmed with the first stage file(500K) file.

cokesux
20-04-2012, 17:06
Nevermind, asked & answered...

--

gjstroom
20-04-2012, 18:32
It's also a OTP EPROM (one time programmable). So we need to programm a new one. I am looking if it can be done with this EPROM Programmer.
http://www.keeelectronics.com/catalog/product_info.php?cPath=22&products_id=49

gjstroom
20-04-2012, 19:48
Well, my 800PVR has a eprom mounted without a socket and it has no labels on top. The ic looks very similar to the one inside the 800SE SR4.

saty
20-04-2012, 20:42
I recommend waiting for some more info then bricking the chips :)

dm800hdpro
21-04-2012, 02:41
So now howto proceed, take out the sim card and flash both loaders..??
Which driver can be used..?

You can flash these loaders with/without sim card using appropriate tools, but after falshed these loaders you don't need sim card any more.
You must use patched drivers for these loaders, but untill now I have not released these patched drivers yet, because now it's time for showing how to boot into linux without sim card, and when you get into linux ,many peoples have the ability to handle anything including drivers.

saty
21-04-2012, 03:08
Well thanks for this info, with "appropriate tools" you mean a special programmer for the eeprom..??

dm800hdpro
21-04-2012, 04:54
I tried to flash using the web on my 800se, but all I get is:
The connection was reset
The connection to the server was reset while the page was loading.
What to do with the 500 files ?
Maybe DreamUp is needed ?

Yes you can flash nfi files using web pages. But the download link in my previous post is a nfi format 2 file, maybe not compatiable with your 800se, so I update the file with nfi format 1 file to get most compatiable. the new link is:
http://m0.mail.sina.com.cn/apps/netdisk/download.php?id=acf159c0e327d674062ee3299b1ed9e3
Before flash cardless nfi file, remember to backup your original ssl nfi file to flash back whenever you want.

Basicly, dreamup is not needed for nfi files, but if you remove your sim card and flash nfi files from a system isn't cardless, then you need dreamup patched by forhike to do it.

The firststage file is for eprom on your box, usually its model is M27W401, it locate in a socket or soldered on board. M27W401 can only be written once ,so you must write firststage file to a new one and insert it back to socket or solder it back to board. But there is another choice of eprom, SST39VF series eprom can be re-written, so you can make more tries with just one eprom. Usually, writing eprom need a programmer, but if your box have the write-enable signal pin wired out to eprom chip, you can write a SST39VF series eprom in linux without a programmer.

gjstroom
21-04-2012, 12:09
You can flash these loaders with/without sim card using appropriate tools, but after falshed these loaders you don't need sim card any more.
You must use patched drivers for these loaders, but untill now I have not released these patched drivers yet, because now it's time for showing how to boot into linux without sim card, and when you get into linux ,many peoples have the ability to handle anything including drivers.
So your goal is to run a box without a simcard. But to run an Enigma2 image we still need patched drivers. It would be very nice if this simless first/secondstage combination can run all original images without need for patching.
This is only interesting for clonebox builders to save on parts.
If I understand correctly, it doesn't solve anything about DMM protections.

gjstroom
21-04-2012, 12:15
The firststage file is for eprom on your box, usually its model is M27W401, it locate in a socket or soldered on board. M27W401 can only be written once ,so you must write firststage file to a new one and insert it back to socket or solder it back to board. But there is another choice of eprom, SST39VF series eprom can be re-written, so you can make more tries with just one eprom. Usually, writing eprom need a programmer, but if your box have the write-enable signal pin wired out to eprom chip, you can write a SST39VF series eprom in linux without a programmer.
Nice, do you have the program to write the eprom inside the box ?
It should be possible to run the box on whatever kind of image, hotplug the eprom chip from its socket, exchange it with a SST39VF and write the friststage file (if you have wired a write-enable signal pin).

BM300
21-04-2012, 12:27
This thread is getting more interesting as we go along.

dm800hdpro
21-04-2012, 13:26
So your goal is to run a box without a simcard. But to run an Enigma2 image we still need patched drivers. It would be very nice if this simless first/secondstage combination can run all original images without need for patching.
This is only interesting for clonebox builders to save on parts.
If I understand correctly, it doesn't solve anything about DMM protections.

Patching is needed on any images running on a clone, even if it has a sim card,the only difference is who make it and where it's patched at. You can patch it yourself or someone else will do it for you but you don't know. In fact, sim makers and image makers do lots of patching in order to make DMM's system running on clone box and clone sim card.
You don't understand correctly. DMM's key proctections lies in FSL,SSL and drivers, I solve them all, but at now I publish only FSL and SSL becuase I have not decided to provide patched drivers only to manufacturers or to everyone, maybe someone else will provide patched drivers to everyone with help of my patched FSL and SSL.

dm800hdpro
21-04-2012, 13:32
Nice, do you have the program to write the eprom inside the box ?
It should be possible to run the box on whatever kind of image, hotplug the eprom chip from its socket, exchange it with a SST39VF and write the friststage file (if you have wired a write-enable signal pin).

Yes I do have the program to write eprom in linux os. But most important is to make sure the pin is wired out. You must find out if EBI_WE1b or EBI_WE0b pin is connect to your socket at the right place which can be found at SST39VF's datasheet.
Here is the bcm7405 pinout :
http://hardware.wikinet.org/wiki/BCM7405/Pinout

gjstroom
21-04-2012, 14:14
Patching is needed on any images running on a clone, even if it has a sim card,the only difference is who make it and where it's patched at. You can patch it yourself or someone else will do it for you but you don't know. In fact, sim makers and image makers do lots of patching in order to make DMM's system running on clone box and clone sim card.
You don't understand correctly. DMM's key proctections lies in FSL,SSL and drivers, I solve them all, but at now I publish only FSL and SSL becuase I have not decided to provide patched drivers only to manufacturers or to everyone, maybe someone else will provide patched drivers to everyone with help of my patched FSL and SSL.
Ok, but the current sim201/sim210 secondstage ssl were able to run images with original drivers (20111109). I know al 3 (FSL/SSL and driver) should match. I'm not talking about Gutemine InitramFS or TPM protections.
I think if you only provide patched drivers to manufacturers, it would not take very long to have them available in the scene...

saty
21-04-2012, 14:14
Its interesting as a hobby project but not for avarage users now i think.

In the end its the same as running a sim 2.xx card, patched sll and a orginal old driver since they lack patching seems, not really a benefit :)

Dunno if dm800hdpro did patch the latest 20120322 driver successfully..

Can you not patch 20120322 drivers for us sim owners ;) ..??

dm800hdpro
21-04-2012, 14:37
Ok, but the current sim201/sim210 secondstage ssl were able to run images with original drivers (20111109). I know al 3 (FSL/SSL and driver) should match. I'm not talking about Gutemine InitramFS or TPM protections.
I think if you only provide patched drivers to manufacturers, it would not take very long to have them available in the scene...

Haha...
Let me tell you the trick, there are not any original drivers on clone, but it's a kind of high-end patching tech named "runtime patching", so you guys don't know it been patched and where it get patched.

dm800hdpro
21-04-2012, 14:41
Its interesting as a hobby project but not for avarage users now i think.

In the end its the same as running a sim 2.xx card, patched sll and a orginal old driver since they lack patching seems, not really a benefit :)

Dunno if dm800hdpro did patch the latest 20120322 driver successfully..

Can you not patch 20120322 drivers for us sim owners ;) ..??

No I never patched old drivers, Neither 20120322, because it's old too. I always patch latest drivers, so the driver version I successfully patched for dm800se is 20120328.
About benefit, besides lastest ssl and drivers it has low price for new products.
About publishing patched drivers, all I can tell you is I'm thinking about it.

gjstroom
21-04-2012, 14:44
Haha...
Let me tell you the trick, there are not any original drivers on clone, but it's a kind of high-end patching tech named "runtime patching", so you guys don't know it been patched and where it get patched.
Yes it's some kind of memory overlay trick.

saty
21-04-2012, 14:50
About publishing patched drivers, all I can tell you is I'm thinking about it.

That would be very nice :thum:

chiefobrei
21-04-2012, 17:51
If your patched driver will be released. Can we use them on a Sim 2.1 dreambox using the following procedure?

Flash a Original Image
Flash your SSL
Exchange the driver to your patched ones

Remove the Sim and the box will boot?

gjstroom
21-04-2012, 20:56
If your patched driver will be released. Can we use them on a Sim 2.1 dreambox using the following procedure?
Flash a Original Image
Flash your SSL
Exchange the driver to your patched ones
Remove the Sim and the box will boot?
You you need another first stage loader in your box. This part is programmed in a eprom and can't be update without special tools like a eprom programmer or a customized box.

toysoft
21-04-2012, 22:38
Exactly, it's on the fly patching also if the claim is that it uses original drivers, as well as every new driver patching will need a new SSL patched (to support newer mode to patch newer drivers). So personally I prefer just normally patched drivers, so you can use what you want (SSL and not have a new one everytime drivers are released that need new patching) and which drivers you want without beeing forced to comply with correct drivers with correct SSL compatibility patcher.

TS

Yes it's some kind of memory overlay trick.

toysoft
21-04-2012, 22:42
Would be surprised to see that you can just reprogram the EPROM Chip... it looks like to me more a OTP EPROM (for cost reason), so you cannot reflash it (you will need to replace it by a new programmed one with correct FSL) ?

TS

You can flash these loaders with/without sim card using appropriate tools, but after falshed these loaders you don't need sim card any more.
You must use patched drivers for these loaders, but untill now I have not released these patched drivers yet, because now it's time for showing how to boot into linux without sim card, and when you get into linux ,many peoples have the ability to handle anything including drivers.

cokesux
21-04-2012, 22:53
Would be surprised to see that you can just reprogram the EPROM Chip... it looks like to me more a OTP EPROM (for cost reason), so you cannot reflash it (you will need to replace it by a new programmed one with correct FSL) ?

TS

As was already stated multiple times in this thread... ;)

--

dm800hdpro
22-04-2012, 02:34
If your patched driver will be released. Can we use them on a Sim 2.1 dreambox using the following procedure?

Flash a Original Image
Flash your SSL
Exchange the driver to your patched ones

Remove the Sim and the box will boot?

Yes but also you need flash FSL using the method I mentioned in this thread.

dm800hdpro
22-04-2012, 02:36
Would be surprised to see that you can just reprogram the EPROM Chip... it looks like to me more a OTP EPROM (for cost reason), so you cannot reflash it (you will need to replace it by a new programmed one with correct FSL) ?

TS

You would not be surprised if you really read this thread, especially post #18.

toysoft
22-04-2012, 14:45
Read Cokesux, you post again (repeat) as I done. And this is only 2 posts before yours.

If you want I can repost the same, so you can again tell I reposted ;o))))

TS

You would not be surprised if you really read this thread, especially post #18.

dm800hdpro
22-04-2012, 15:12
Read Cokesux, you post again (repeat) as I done. And this is only 2 posts before yours.

If you want I can repost the same, so you can again tell I reposted ;o))))

TS

I didn't repeat because cokesux's post is after your post, I read your post firstly and reply by read ,it's natural. But you reply post #28 firstly then reply post #16, and skip content of post #18, it's strange. I don't know whether you skip it or pretend to skip it , repeat it or pretend to repeat it ;o))))

saty
22-04-2012, 16:33
Please stay ontopic and never feed any trols ;)

gjstroom
22-04-2012, 16:40
Yes I do have the program to write eprom in linux os. But most important is to make sure the pin is wired out. You must find out if EBI_WE1b or EBI_WE0b pin is connect to your socket at the right place which can be found at SST39VF's datasheet.
Here is the bcm7405 pinout :
http://hardware.wikinet.org/wiki/BCM7405/Pinout
I checked also my Sunray 800SE, this one has the SST39VF040 inside, also on socket. Can you share the eprom flash program ? I suppose it can also make dump of the current rom ?
But, it's nice to have a simless box, but if you don't release the driver it's kind of pointless. I really like to try it !

saty
22-04-2012, 16:47
Here is a screenie of a dm800se sr4 d6 mainboard with the eeprom in the brown socket, thanks gjs for pointing that out :)

http://img534.imageshack.us/img534/3632/20pl.jpg (http://imageshack.us/photo/my-images/534/20pl.jpg/)

dm800hdpro
23-04-2012, 00:58
I checked also my Sunray 800SE, this one has the SST39VF040 inside, also on socket. Can you share the eprom flash program ? I suppose it can also make dump of the current rom ?
But, it's nice to have a simless box, but if you don't release the driver it's kind of pointless. I really like to try it !

If you put your box on the internet, I can dump your current rom for you through ssh, and also I can check if your write-enable pin is wired out to appropriate pin of SST39VF040.
Please email me at for time and operation details, and also we can chat through embedded google talk function in gmail.

toysoft
23-04-2012, 15:04
Let's go back to the thread instead of telling bullshit because some members doesn't like others that have a wider view than only their own box and team.

Here is the SST chip details,

SST39LF010 / 020 / 040 and SST39VF010 / 020 / 040 Data Sheet (08/08/2011)
The SST39VF040 is a 5124K x8CMOS Multi-Purpose Flash (MPF) manufactured with SST proprietary, high performance CMOS SuperFlash technology. The split-gate cell design and thick-oxide tunneling injector attain better reliability and manufacturability compared with alternate approaches. The SST39VF040 device writes (Program or Erase) with a 2.7-3.6V power supply. The device conforms to JEDEC standard pinouts for x8 memories.

http://www.microchip.com/wwwproducts/Devices.aspx?dDocName=en549497

# Organized as 64K x8 / 128K x8 / 256K x8 / 512K x8
# Single Voltage Read and Write Operations 3.0-3.6V for SST39LF512/010/020/040 2.7-3.6V for SST39VF512/010/020/040
# Superior Reliability Endurance: 100,000 Cycles (typical) Greater than 100 years Data Retention
# Low Power Consumption (typical values at 14 MHz) Active Current: 5 mA (typical) Standby Current: 1 μA (typical)
# Sector-Erase Capability Uniform 4 KByte sectors
# Fast Read Access Time: 45 ns for SST39LF512/010/020/040 55 ns for SST39LF020/040 70 ns for SST39VF512/010/020/040
# Latched Address and Data
# Fast Erase and Byte-Program: Sector-Erase Time: 18 ms (typical) Chip-Erase Time: 70 ms (typical) Byte-Program Time: 14 μs (typical) Chip Rewrite Time: 1 second (typical) for SST39LF/VF512 2 seconds (typical) for SST39LF/VF010 4 seconds (typical) for SST39LF/VF020 8 seconds (typical) for SST39LF/VF040
# Automatic Write Timing Internal VPP Generation
# End-of-Write Detection Toggle Bit Data# Polling
# CMOS I/O Compatibility
# JEDEC Standard Flash EEPROM Pinouts and command sets
# Packages Available 32-lead PLCC 32-lead TSOP (8mm x 14mm) 48-ball TFBGA (6mm x 8mm) 34-ball WFBGA (4mm x 6mm) for 1M and 2M
# All devices are RoHS compliant


So we can read/write, as well as ERASE : "JEDEC Standard Flash EEPROM Pinouts and command sets".

I would be interesting to know which chip is on the DM800HD boxes, that one could be more probably EPROM only one time programming.

TS

gjstroom
23-04-2012, 19:24
So we can read/write, as well as ERASE : "JEDEC Standard Flash EEPROM Pinouts and command sets".

I would be interesting to know which chip is on the DM800HD boxes, that one could be more probably EPROM only one time programming.

The 39VF040 can be written it's a Multi-Purpose Flash chip, we all can read and google datasheets.
The M27W401 is a OTP EPROM and can be written once.
But like dm800hdpro already said, is the write-enable pin wired-out to the bcm chip (if your box is equipped with a 39VF040).
It's hard to tell which one is inside a 800HD, mine is sanded blank.

dm800hdpro
25-04-2012, 01:11
Finaly, I decide to publish latest patched drivers for sim-cardless DM800se and sim-cardless DM800. To use sim-cardless fsl/ssl/drivers, you must replace your 4Mbits eprom to at least 8Mbits. I recommend Micron 8Mbits Nor flash M29W800D. You can ask me if other memories are compatible. Because larger memory chip is at least 48-pins package, so you must do some hardware patching on current box to use it , you can do it yourself or let someone with more skills to do it for you. If you book a new box, you can ask manufacturer to do it for you ,it's convenient for manufacturer to do this, and you don't need sim card any more so you can ask for lower price. After doing this replacement, you can ask me for latest patched drivers by contact me at

dm800hdpro
25-04-2012, 12:02
Ferret said no email address allowed, so you all can request patched drivers here just in this thread by posting reply. Let us throw away sim card as soon as possible !

dm800hdpro
25-04-2012, 12:13
Sound like the sim data is merly transfer to the new chip you need to solder in.

Doubt this would be anymore reliable than what the current clone sim manufactures have with their sims.

There're some words I'm lazy to tell you before, but now I think it's necessary to tell you clearly. I don't agree with you. In my opinion, It is not merely transfer sim data to anywhere else, and it's far more reliable than current clone sim card.

Ferret
25-04-2012, 12:17
Ferret said no email address allowed, so you all can request patched drivers here just in this thread by posting reply. Let us throw away sim card as soon as possible !


Just post the drivers why do our member need to contact you via a private email address ?

Thread will be closed the next time you question or break the forum rules.

Ferret
25-04-2012, 12:28
There're some words I'm lazy to tell you before, but now I think it's necessary to tell you clearly. I don't agree with you. In my opinion, It is not merely transfer sim data to anywhere else, and it's far more reliable than current clone sim card.

What sort of hack is this ? 95% of our members do not have the knowledge or equipment to complete this modification.

Even if they did i feel this type of hack will be closed quickly by DMM.

I have the feeling this is nothing more then a advertising campain for a individule wanting to join a team or for a up and coming team.

I stand to be proved wrong maybe but you offer nothing other than this hack and joined to announce this hack.

dm800hdpro
25-04-2012, 12:33
Just post the drivers why do our member need to contact you via a private email address ?

Thread will be closed the next time you question or break the forum rules.

I just tell members to contact me at this thread by reply, why can't wait to tell what you really want ? close the thread ? protect current sim card team's income ?

dm800hdpro
25-04-2012, 12:39
What sort of hack is this ? 95% of our members do not have the knowledge or equipment to complete this modification.

Even if they did i feel this type of hack will be closed quickly by DMM.

I have the feeling this is nothing more then a advertising campain for a individule wanting to join a team or for a up and coming team.

I stand to be proved wrong maybe but you offer nothing other than this hack and joined to announce this hack.

Even if members can't complete it , they can ask someone else to do it , they can ask manufacturer to do it, what are you really afraid of ? I don't think DMM can close it ,even if they can close clone sim card , they can't close this hack.
I don't want to join any team because their low tech, and I don't have any team here, I just one person who want to make clone box much more cheaper . I feel you speak more like a sim card team speaker than an admin.

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum